Thursday, 4 December 2014

Change Brings Challenges

For some time now I've been running a #RasPi off our router, providing the private cloud based options for file-sharing, collaboration, and getting to those important documents we forgot to bring. So far I'm very happy with ownCloud. I'm also happy with Apache as my base web server, though I have not done enough with it. A basic home page is all really.

Plus, that image has been up and running now for some time. It's image base is old (2013??) and it probably needs a spruce-up of its firm-ware. I want to put an email server on it. So far I'm considering Citadel as my front runner there.

The other problem is that I fear it may have been hacked. Either that, or with my increasing age, and the extended periods of time since I last accessed that box, I have forgotten the passwords. Ooopps! Can't have a box that has been rooted. The kid in me smells a counter hack in the making. The old bloke recognises that there was nothing on the box of any grand importance. A #rebuild with a new SD card and properly implemented security would probably avoid the potential of reclaiming a box with unknown backdoors.

Beyond this, what I'd also like is to setup the opportunity for some web services that can interface with some home-made mobile apps.

What I am uncomfortable with is our router. Yes, you can set it up to forward connections for different services and applications. It will forward incoming common protocols to the correct port on a specified IP address. I am not certain however, if you have more than one website, differentiated by port, that the router's port forwarding works that well. The interface for setting up the port forwarding is not user friendly. So, I am considering using multiple IP addresses on eth0 (#aliases), to ease the pain.

To set up for using multiple IP addresses, there are two methods. One is to a running change that is non-persistent An example of this can be found at Penguin Tutor. The method I am going to use will persist the changes when the RasPi is rebooted:

Repeat as necessary for aliases eth0:1.. to eth0:x, depending upon how many aliases your box requires. Save the changes to your interfaces file and restart your network services.

pi@exampleberry ~ $ sudo /etc/init.d/networking restart

Check the results by running ifconfig.

Of course, a potential headache that I will create by doing this is that I will simply increase the exposure of my RasPi box to further intrusions. So before I go any further, its time to research how to harden my RasPi and monitor for intrusion.